CN106059752A - White-box cryptography encryption-decryption method based on expansion ciphertext - Google Patents
Publication number: CN106059752A (application CN201610531694.0A)
Authority: CN (China)
Legal status: Granted
Classification:
- H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
- H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators
- H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
Abstract
The invention discloses a white-box encryption and decryption method based on an expanded ciphertext. The method involves an expanded ciphertext, in which a pseudorandom bit stream is embedded, and a lookup table used to decrypt n bits to m bits (n > m). The table lookup is the composition of three functions: a one-to-one mapping F_(K,n→n) from n-bit inputs to n-bit outputs that depends on a secret key K, a function C_(n→m) from n-bit inputs to m-bit outputs, and a one-to-one mapping F_(K,m→m) from m-bit inputs to m-bit outputs that depends on the same key K. During encryption, the server uses the pseudorandom bit stream as a mask, combines it with the plaintext and scrambles the result to obtain the expanded ciphertext; during decryption, each n-bit ciphertext block is decrypted into an m-bit plaintext block by a single table lookup. Decryption efficiency is thereby markedly improved.
Description
Technical field
The invention belongs to the field of information technology and relates to a white-box encryption and decryption method based on an expanded ciphertext that can be applied in untrusted environments such as smartphones and set-top boxes.
Background technology
Traditional cryptographic algorithms are designed under the assumption that they run in a black-box environment, i.e. that an attacker can only observe the algorithm's inputs and outputs. With the development of information technology this assumption no longer holds. Electronic devices are now available everywhere and can access the Internet directly or indirectly, and people obtain digital content through more and more channels. These devices include, but are not limited to, set-top boxes, IPTV, PCs and a growing number of hand-held devices such as mobile phones and tablets. As these devices become smarter, the environment in which their software runs may be untrusted, and the legitimate user of a device may become an active attacker, so traditional cryptographic algorithms are no longer reliable.
For example, a server encrypts digital content and controls its distribution to legitimate users. After obtaining the ciphertext, the terminal software decrypts it with the key to obtain usable digital content. Because the terminal's runtime environment is insecure, an attacker can freely observe the decryption process, easily capture the key and pass it on to unauthorised users. Such an untrusted software runtime environment is called a white-box environment. In a white-box environment the attacker has high-privilege control over the runtime: besides freely observing the execution of the software, the attacker can also copy or modify the code and alter intermediate results during execution. Such direct attacks on software are called white-box attacks.
White-box cryptography is a technique proposed to resist white-box attacks. The concept was first proposed by Stanley Chow et al. in "White-box Cryptography and an AES Implementation" (SAC, 2002). Chow et al. implemented AES (Advanced Encryption Standard) as a network of lookup tables that embed the key, protected the tables with random bijective encodings, and protected the key further by pushing the cryptographic boundary out into the application that contains the decryption module. Following Chow's approach, white-box DES, SM4 and others were proposed in succession. However, all published white-box implementations of existing cryptographic algorithms have been proven insecure, by methods similar to the structural cryptanalysis proposed by Alex Biryukov et al. in "Structural Cryptanalysis of SASAS" (Journal of Cryptology, 2010).
At present the latest white-box cryptography focuses on constructing dedicated white-box ciphers. Alex Biryukov et al. proposed white-box ciphers based on the ASASA structure in "Cryptographic Schemes Based on the ASASA Structure: Black-box, White-box, and Public-key" (ASIACRYPT, 2014); Andrey Bogdanov et al. proposed a dedicated white-box block cipher named SPACE in "White-box Cryptography Revisited: Space-Hard Ciphers" (22nd ACM SIGSAC Conference, 2015). The former has been proven insecure, because the lookup table of the ASASA structure was successfully decomposed. When SPACE encrypts plaintext, several rounds of encryption are needed to obtain good ciphertext properties; correspondingly, decryption also has to pass through several rounds of the white-box decryption module, each containing several table lookups, so decryption is slow.
When constructing a dedicated white-box cipher, three security goals must be met: 1. ciphertext security; 2. key non-extractability; 3. resistance to code lifting. Ciphertext security means that the ciphertext space is large enough and the ciphertext has certain cryptographic properties, so that it resists black-box attacks. Key non-extractability means that the code of the white-box implementation is generated under control of the key, and deriving the key from the code is hard. Resistance to code lifting means that the white-box implementation must be used as a whole and cannot be modified or compressed. A dedicated white-box cipher can offer a strategy in which the overall code size is controllable; the actual size is determined by the implementer according to the security requirements and the application environment.
Summary of the invention
The white-box cryptosystem based on an expanded ciphertext to which the invention relates is a new dedicated white-box encryption and decryption method that can be used by software running in a white-box environment to resist white-box attacks. The white-box implementation in the system is a lookup table with n-bit input and m-bit output (n > m) located at the terminal; the table is generated by the server and then distributed to the terminal, by network transmission, factory pre-installation, copying on a carrier or any other distribution means. Decryption in the invention needs only one table lookup, so it is far more efficient. The ciphertext properties in the invention are guaranteed by the pseudorandom bit stream used as a mask.
The technical solution adopted by the invention is as follows:
A white-box encryption method based on an expanded ciphertext comprises the steps:
1) Map the m-bit plaintext with the inverse of the mapping function F_(K,m→m) to obtain an m-bit intermediate result A_b; here F_(K,m→m) is the key-K-dependent mapping from m bits to m bits.
2) Using n-m bits of random data PRN and the random inverse of the function C_(n→m), expand the intermediate result A_b to n bits; here C_(n→m) is a function from n-bit input to m-bit output. The random inverse is defined as follows: under C_(n→m), an m-bit output has K n-bit preimages (that is, several n-bit preimages), and the process of choosing one of these K preimages using the pseudorandom data PRN is called the random inverse of C_(n→m).
3) Map the expanded intermediate result A_b with the inverse of the mapping function F_(K,n→n) to obtain the ciphertext A_d; here F_(K,n→n) is the key-K-dependent mapping from n bits to n bits.
Further, in step 1), the m-bit plaintext is first computed together with an m-bit vector IV to obtain an m-bit intermediate result A_a; this intermediate result A_a is then mapped with the inverse of the mapping function F_(K,m→m) to obtain the m-bit intermediate result A_b.
Further, the vector IV is m bits long, and the m-bit initialization vector IV is XORed with the m-bit plaintext to obtain the m-bit intermediate result A_a.
Further, the plaintext is encrypted block by block, where m is the plaintext block length and n the ciphertext block length; the low m bits of the i-th ciphertext block are taken to update the vector IV, and steps 1)~3) are repeated to encrypt the (i+1)-th plaintext block, until all plaintext blocks are encrypted.
Further, in step 2), the intermediate result A_b is expanded to n bits by concatenating the n-m bits of random data R with A_b as R || A_b.
A white-box decryption method based on an expanded ciphertext: the decrypting end uses the lookup table distributed by the encrypting end to perform a table lookup on the n-bit ciphertext and obtains the corresponding m-bit plaintext; here the lookup table is the composition of three functions: the key-K-dependent one-to-one mapping F_(K,n→n) from n-bit input to n-bit output, the function C_(n→m) from n-bit input to m-bit output, and the key-K-dependent one-to-one mapping F_(K,m→m) from m-bit input to m-bit output.
Further, the n-bit ciphertext is a ciphertext obtained by the encrypting end after computing a vector IV together with an m-bit plaintext; the decrypting end computes the obtained m-bit plaintext together with this vector IV to obtain the final plaintext.
Further, the vector IV is m bits long, and the decrypting end XORs the m-bit vector IV with the m-bit plaintext to obtain the final plaintext.
Further, the ciphertext is obtained by encrypting the plaintext block by block, where m is the plaintext block length and n the ciphertext block length; the decrypting end updates the vector IV with the low m bits of the i-th ciphertext block and XORs it with the m-bit plaintext obtained by decrypting the (i+1)-th ciphertext block, until all ciphertext blocks are decrypted.
The invention provides a white-box cryptosystem for performing, given a key, a cryptographic operation that maps an input message to an output message, characterised in that the system comprises: an expanded ciphertext in which a pseudorandom bit stream is embedded, and a lookup table for decrypting n bits to m bits (n > m).
Further, the server uses the pseudorandom bit stream as a mask, combines it with the plaintext and scrambles the result to obtain the expanded ciphertext; the scrambling operation depends on the key.
Further, the lookup table used for decryption is a key-dependent mapping whose effect is to remove the mask information from the ciphertext.
Further, m and n are set as security parameters, which control the code size and complexity of the white-box implementation.
The invention also provides a method for applying a pseudorandom bit stream to a white-box cipher, for performing, given a key, a cryptographic operation that maps an input message to an output message, in which the pseudorandom bit stream serves as a mask that affects the cryptographic properties of the ciphertext, and the lookup table responsible for decryption is exposed to the white-box environment.
Compared with the prior art, the beneficial effects of the invention are as follows:
1. The invention provides a white-box cryptographic method based on an expanded ciphertext, characterised by the white-box cryptosystem shown in Fig. 5, with plaintext block length m and ciphertext block length n (n > m). The white-box implementation at the terminal contains only one n-bit-to-m-bit lookup table; its structure is simple and easy to implement.
2. In the white-box ciphers published so far, the plaintext has to pass through several rounds of encryption to obtain good ciphertext properties. Correspondingly, during decryption the ciphertext has to pass through several rounds of the white-box decryption module, so decryption is slow. For example, in SPACE the variant with the fewest rounds still needs 128 table lookups. Decryption in the invention needs only one table lookup, so decryption efficiency is greatly improved.
3. The invention provides a means of controlling the system's size and complexity according to the security requirements: m and n are security parameters, fixed at implementation time.
Description of the drawings
Fig. 1 shows the structure of the terminal lookup table; (a) is a conventional lookup table, (b) the lookup table of the present invention;
Fig. 2 shows the operation in which the pseudorandom bit stream is used as a mask to obtain the expanded ciphertext;
Fig. 3 shows the complete server-side encryption process;
Fig. 4 shows the terminal's decryption process;
Fig. 5 shows the overall structure of the white-box cryptosystem based on an expanded ciphertext;
Fig. 6 shows an example of the white-box cryptosystem to which the invention relates.
Detailed description of the invention
Operating on the data stream through lookup tables that embed the key is currently the basic method for designing white-box ciphers. As shown in Fig. 1(a), F_(K,n→n) is a key-K-dependent one-to-one mapping from n bits to n bits; once it is expressed as lookup table 101, an attacker finds it hard to derive K, or a functional relationship equivalent to F_(K,n→n), from the table. 101 may be a single lookup table or a combination of a group of lookup tables.
When the system is deployed, the server encrypts data with the inverse of F_(K,n→n), and the terminal (running in a white-box environment) decrypts with the lookup table. Given the cost of constructing lookup tables and the server's limited computing resources (in the multi-user case it is impossible to store the key in lookup-table form for every user), the lookup table is generated by composing relatively simple functional relationships.
Alex Biryukov et al. use the ASASA-type structure to construct key-dependent lookup tables (see the background art): F_(K,n→n) is formed by alternately stacking key-dependent A (diffusion) layers and S (substitution) layers, giving a dedicated white-box block cipher scheme. Their method, however, was soon proven insecure. The lookup table of the ASASA structure can be decomposed because the relation between the n-bit input and the n-bit output can be used to set up systems of equations. If the lookup table is instead designed so that an n-bit input corresponds to an m-bit output (n > m), the attacker can no longer apply the existing methods.
In the white-box cryptosystem based on an expanded ciphertext to which the invention relates, the white-box implementation consists of a single n-bit-to-m-bit lookup table (n > m) at the terminal and the decryption procedure that uses it. The lookup table is constructed as shown by 102 in Fig. 1(b): the table lookup is the composition of three functions, the key-K-dependent one-to-one mapping F_(K,n→n) from n-bit input to n-bit output, the function C_(n→m) from n-bit input to m-bit output, and the key-K-dependent one-to-one mapping F_(K,m→m) from m-bit input to m-bit output.
The lookup table is generated at the server and then distributed to the terminal. Distribution may be by network transmission, factory pre-installation on the terminal device, or transfer on a carrier such as a USB flash drive. Once the lookup table has been built, the original functional relationships are hidden: the terminal sees only the table and no explicit functional relationship.
In a real implementation, F_(K,n→n) and F_(K,m→m) may be built by alternately stacking key-dependent A and S layers, or by other methods, as long as they are guaranteed to be, respectively, an invertible mapping from n bits to n bits and an invertible mapping from m bits to m bits. These two functions are secret, and their explicit logical relationships (their inverses) are used only when the server performs the encryption operation. How F_(K,n→n) and F_(K,m→m) are implemented is not the focus of the invention, so the invention does not describe their implementation.
C_(n→m) can also be implemented in many ways, and may be secret or public. During encryption the server uses the random inverse of C_(n→m), defined as follows: under C_(n→m), an output (m bits) has K preimages (n bits); using pseudorandom data PRN, one of the K preimages is selected, and this process is called the random inverse of C_(n→m). For example, with n = 2m, C_(n→m) may XOR the high m bits of the n-bit input with the low m bits to obtain the m-bit output; correspondingly, its random inverse obtains n-m = m bits of data PRN from the pseudorandom bit stream generator PRNG (201), XORs them with the m-bit input, and prepends PRN as the high bits of the result to obtain the expanded n-bit data. For ease of description, the truncation function is used as the example below, i.e. C_(n→m) keeps only the low m bits of the n-bit input as output and discards the high n-m bits.
The general encryption and decryption procedure of the system is as follows. First, as shown in Fig. 2, the server's encryption operation is the composition of the inverse of F_(K,m→m), the random inverse of C_(n→m) and the inverse of F_(K,n→n), applied in that order (∘ denotes function composition, i.e. f∘g(x) = f(g(x))); this operation can be regarded as the inverse of the terminal's table lookup. The random inverse of the truncation function C_(n→m) obtains n-m bits of data PRN from the pseudorandom bit stream generator PRNG (201) and prepends them as the high bits of the m-bit input, expanding the m bits to n bits. The result of the encryption operation is the expanded ciphertext, in which the n-m pseudorandom bits obtained each time act as a mask. The terminal's decryption process then uses the lookup table to remove this mask.
The complete server-side encryption process is shown in Fig. 3. To give the encrypted data better ciphertext properties, we use a mode similar to the CBC mode of block ciphers. An m-bit initialization vector IV is XORed with the first m-bit plaintext block, the result goes through the encryption operation of Fig. 2, and an n-bit ciphertext block is obtained. The low m bits of this ciphertext block are fed back into the encryption of the next m-bit plaintext block, taking the place of IV. In a real implementation other ciphertext feedback methods may also be used. The encryption process is described as follows:
1. XOR the m-bit initialization vector IV with the m-bit plaintext block to obtain the m-bit intermediate result A_a;
2. Apply the inverse of F_(K,m→m) to A_a to obtain the m-bit intermediate result A_b;
3. Obtain n-m bits of random data R from the PRN and expand the result of step 2 to n bits, i.e. concatenate R with A_b as R || A_b; this step is the random inverse of C_(n→m);
4. Apply the inverse of F_(K,n→n) to R || A_b to obtain the ciphertext block A_d;
5. Update IV with the low m bits of A_d and repeat steps 1 to 4 to encrypt the next plaintext block, until all plaintext blocks are encrypted.
Note: because the pseudorandom bit stream differs, encrypting the same plaintext gives different results, but decryption yields the same plaintext each time.
The terminal's decryption process is shown in Fig. 4. The first n-bit ciphertext block goes through one table lookup to give an m-bit output, which is XORed with the m-bit initialization vector IV to give the plaintext (the m-bit initialization vector IV is distributed to the terminal by the server; if server and terminal agree to discard the plaintext of the first block, the server need not send IV to the terminal). When decrypting the following n-bit ciphertext blocks, the low m bits of the previous n-bit ciphertext block take the place of IV. The decryption process is described as follows:
1. The input is an n-bit ciphertext block; use the lookup table to obtain the m-bit intermediate result A_a as output;
2. XOR A_a with IV to obtain the plaintext A_b;
3. Update IV with the low m bits of the ciphertext block and repeat steps 1 and 2 to decrypt the next ciphertext block, until all ciphertext blocks are decrypted.
The overall structure of the white-box cryptosystem based on an expanded ciphertext to which the invention relates is shown in Fig. 5. 501 is the encryption process at the server, 502 the decryption process at the terminal. During encryption, the properties of the pseudorandom bit stream influence the properties of the final ciphertext, so that the ciphertext can resist black-box attacks. The pseudorandom bit stream may be produced by an existing stream cipher algorithm such as ZUC, RC4 or SEAL.
The following is a simplified example of the invention, to explain the encryption and decryption process in detail:
m = 2, n = 3; F_(001,3→3)(x) = x + 001, where x is a 3-bit input; C_(3→2)(x) takes a 3-bit input x and outputs its low 2 bits, e.g. input x = 010 gives output 10; F_(01,2→2)(x) = x + 01, where x is a 2-bit input. The constants 01 and 001 are the keys, and "+" here is bitwise XOR (as the table below confirms: input 000 maps to output 00). The lookup table L is the composition of these three functions, F_(01,2→2) ∘ C_(3→2) ∘ F_(001,3→3); its contents are as follows:
Input | Output |
---|---|
000 | 00 |
001 | 01 |
010 | 10 |
011 | 11 |
100 | 00 |
101 | 01 |
110 | 10 |
111 | 11 |
After the lookup table is generated it is distributed to the terminal. Note: the functional relationships in this example are very simple and serve only to illustrate the encryption and decryption process; cryptographic strength is not considered.
Encryption: the plaintext is the 8 bits 01 11 01 10 (2 bits per block), the initialization vector is IV = 11, and PRN is a pseudorandom bit stream generator.
1. XOR the plaintext block 01 with IV = 11 to obtain 10;
2. Apply the inverse of F_(01,2→2) to the result 10 of step 1 to obtain 11;
3. Obtain 3-2 = 1 random bit from PRN, assumed to be 0; concatenate 0 with the result of step 2, expanding it to 011; this step is the random inverse of C_(3→2);
4. Apply the inverse of F_(001,3→3) to the result 011 of step 3 to obtain the ciphertext block 010;
5. Update IV with the low 2 bits, 10, of the result 010 of step 4, and repeat steps 1 to 4 to encrypt the next plaintext block, until all plaintext blocks are encrypted.
Assuming the pseudorandom bit stream obtained during encryption is 0110, the final ciphertext is 010 101 100 010, 12 bits in total (3 bits per block).
Decryption: the ciphertext 010 101 100 010 and the initialization vector IV = 11 are obtained from the server.
1. The input is the ciphertext block 010; use the lookup table L to obtain the output 10;
2. XOR the output 10 of step 1 with IV to obtain the plaintext 01;
3. Update IV with the low 2 bits, 10, of the ciphertext block 010 of step 1 and repeat steps 1 and 2 to decrypt the next ciphertext block, until all ciphertext blocks are decrypted.
The plaintext finally obtained is 01 11 01 10.
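The full scheme of Figs. 3 and 4 (table generation, server-side encryption with CBC-style feedback, and single-lookup decryption at the terminal), as an added Python example that is not part of the patent. It reproduces the m = 2, n = 3 walk-through above with its keys 001 and 01 and PRN stream 0110, and also goes beyond it to m = 8, n = 12; the key-seeded shuffle `keyed_perm` and the `prn_stream` generator are stand-ins of my own, since the patent leaves the construction of F_(K,n→n), F_(K,m→m) and the stream cipher open.

```python
import random
from typing import Iterator, List

Perm = List[int]  # a bijection on range(2**w), stored as perm[x] = F(x)


def invert(perm: Perm) -> Perm:
    """Inverse of a bijection given as a table; only the server needs it."""
    inv = [0] * len(perm)
    for x, y in enumerate(perm):
        inv[y] = x
    return inv


def xor_perm(width: int, key: int) -> Perm:
    """F(x) = x XOR key: the keyed mapping used in the patent's example."""
    return [x ^ key for x in range(1 << width)]


def keyed_perm(width: int, key: int) -> Perm:
    """Stand-in for a stronger key-dependent bijection (assumption: the patent
    leaves the construction of F_(K,n->n) and F_(K,m->m) open)."""
    perm = list(range(1 << width))
    random.Random(key).shuffle(perm)
    return perm


def prn_stream(seed: int) -> Iterator[int]:
    """Stand-in pseudorandom bit stream (the patent names ZUC, RC4, SEAL)."""
    rng = random.Random(seed)
    while True:
        yield rng.getrandbits(1)


def make_lookup_table(f_n: Perm, f_m: Perm, m: int) -> List[int]:
    """L = F_(K,m->m) o C_(n->m) o F_(K,n->n), tabulated over all 2^n inputs,
    with C_(n->m) the truncation function (keep the low m bits).  Only this
    table is shipped to the terminal; the keyed functions stay on the server."""
    mask_m = (1 << m) - 1
    return [f_m[f_n[x] & mask_m] for x in range(len(f_n))]


def table_size_bits(m: int, n: int) -> int:
    """Storage needed by the terminal: 2^n entries of m bits each."""
    return (1 << n) * m


def encrypt(blocks: List[int], iv: int, prn: Iterator[int],
            f_n: Perm, f_m: Perm, m: int, n: int) -> List[int]:
    """Server-side encryption with CBC-style feedback (patent Fig. 3).
    n-m bits are drawn from `prn` per block, most significant bit first."""
    f_n_inv, f_m_inv = invert(f_n), invert(f_m)
    mask_m = (1 << m) - 1
    out = []
    for p in blocks:
        a_a = p ^ iv                      # 1. XOR plaintext block with IV
        a_b = f_m_inv[a_a]                # 2. inverse of F_(K,m->m)
        r = 0
        for _ in range(n - m):            # 3. random inverse of C_(n->m):
            r = (r << 1) | next(prn)      #    prepend n-m pseudorandom bits
        a_d = f_n_inv[(r << m) | a_b]     # 4. inverse of F_(K,n->n)
        out.append(a_d)
        iv = a_d & mask_m                 # 5. low m bits become the next IV
    return out


def decrypt(cblocks: List[int], iv: int, table: List[int], m: int) -> List[int]:
    """Terminal-side decryption (patent Fig. 4): one lookup per block, no key."""
    mask_m = (1 << m) - 1
    out = []
    for c in cblocks:
        a_a = table[c]                    # 1. the lookup strips the mask bits
        out.append(a_a ^ iv)              # 2. XOR with IV gives the plaintext
        iv = c & mask_m                   # 3. low m bits of ciphertext -> IV
    return out


def patent_example():
    """The patent's walk-through: m=2, n=3, keys 001 and 01, IV=11, PRN 0110."""
    m, n = 2, 3
    f_n, f_m = xor_perm(n, 0b001), xor_perm(m, 0b01)
    table = make_lookup_table(f_n, f_m, m)
    plaintext = [0b01, 0b11, 0b01, 0b10]            # 01 11 01 10
    ct = encrypt(plaintext, 0b11, iter([0, 1, 1, 0]), f_n, f_m, m, n)
    pt = decrypt(ct, 0b11, table, m)
    return table, ct, pt


if __name__ == "__main__":
    table, ct, pt = patent_example()
    print("ciphertext:", " ".join(f"{c:03b}" for c in ct))   # 010 101 100 010
    print("plaintext :", " ".join(f"{p:02b}" for p in pt))   # 01 11 01 10
    # Beyond the toy sizes: same plaintext, two PRN streams, one table.
    m, n = 8, 12
    f_n, f_m = keyed_perm(n, 0xC0FFEE), keyed_perm(m, 0xBEEF)
    table = make_lookup_table(f_n, f_m, m)
    msg = list(b"white-box")                         # constructed sample input
    c1 = encrypt(msg, 0x5A, prn_stream(1), f_n, f_m, m, n)
    c2 = encrypt(msg, 0x5A, prn_stream(2), f_n, f_m, m, n)
    print(c1 != c2, decrypt(c1, 0x5A, table, m) == msg, table_size_bits(m, n))
```

Because decryption consults only the table, the keys never reach the terminal; the n-m mask bits are simply discarded by the lookup.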
In a real implementation m and n can be chosen flexibly. Roughly speaking, for fixed m, the larger n is, the higher the security. The storage occupied by the lookup table is 2^n · m bits. When code lifting must be resisted, the code size can also be controlled by adjusting n and m; the larger the code, the stronger the resistance to code lifting. In our example the white-box implementation at the terminal is a single lookup table; in a real system several lookup tables of the same structure may also be deployed at the terminal.
Fig. 6 illustrates an embodiment of the invention. This example is a paid digital media system comprising a server 610 and a terminal (media player) 620. The server encrypts digital content (in formats such as WAV, MP3, WMA, AVI, JPEG, MPEG-1, MPEG-2 and MPEG-4) by the method described in Fig. 3 and distributes it to legitimate terminals, via a communication interface 625 or a medium 626 (such as CD, DVD or USB flash drive).
After the terminal obtains the digital content in ciphertext form, it plays it with the secure playback software pre-installed in memory 622. Besides decoding the digital content, this software must first decrypt the encrypted content with the white-box cryptographic module, which contains the lookup table of the invention and the corresponding decryption operation. The processor 621 accepts input from the user, determines the content to play, and presents the decrypted and decoded content on the display (or loudspeaker) 624.
The invention can be extended to any computer program suited to carrying out the invention. Such a program may take the form of source code, object code, or partially compiled object code. The carrier of the program may be any entity or device capable of carrying the program, including: storage media such as ROM, signals transmitted over communication channels such as the Internet, and integrated circuits with the program embedded.
The above embodiments serve only to illustrate the technical solution of the invention and not to limit it. Those of ordinary skill in the art may modify the technical solution or replace it with equivalents without departing from the spirit and scope of the invention, and the scope of protection of the invention shall be determined by the claims.
Claims (9)
1. A white-box encryption method based on an expanded ciphertext, comprising the steps:
1) mapping the m-bit plaintext with the inverse of the mapping function F_(K,m→m) to obtain an m-bit intermediate result A_b; wherein F_(K,m→m) is the key-K-dependent mapping from m bits to m bits;
2) expanding the intermediate result A_b to n bits using n-m bits of random data PRN and the random inverse of the function C_(n→m); wherein C_(n→m) is a function from n-bit input to m-bit output, and the random inverse is: under the function C_(n→m), an m-bit output has K n-bit preimages, and the process of selecting one of these K preimages using the pseudorandom data PRN is called the random inverse of C_(n→m);
3) mapping the expanded intermediate result A_b with the inverse of the mapping function F_(K,n→n) to obtain the ciphertext A_d; wherein F_(K,n→n) is the key-K-dependent mapping from n bits to n bits.
2. The method of claim 1, characterised in that in step 1) the plaintext is first computed together with an m-bit vector IV to obtain an m-bit intermediate result A_a; the intermediate result A_a is then mapped with the inverse of the mapping function F_(K,m→m) to obtain the m-bit intermediate result A_b.
3. The method of claim 2, characterised in that the vector IV is m bits long, and the m-bit initialization vector IV is XORed with the m-bit plaintext to obtain the m-bit intermediate result A_a.
4. The method of claim 1, 2 or 3, characterised in that the plaintext is encrypted block by block, wherein m is the plaintext block length and n is the ciphertext block length; the low m bits of the i-th ciphertext block are taken to update the vector IV, and steps 1)~3) are repeated to encrypt the (i+1)-th plaintext block, until all plaintext blocks are encrypted.
5. The method of claim 1, 2 or 3, characterised in that in step 2) the intermediate result A_b is expanded to n bits by concatenating the n-m bits of random data R with A_b as R || A_b.
6. A white-box decryption method based on an expanded ciphertext, characterised in that the decrypting end uses the lookup table distributed by the encrypting end to perform a table lookup on the n-bit ciphertext and obtains the corresponding m-bit plaintext; wherein the lookup table is the composition of three functions: the key-K-dependent one-to-one mapping F_(K,n→n) from n-bit input to n-bit output, the function C_(n→m) from n-bit input to m-bit output, and the key-K-dependent one-to-one mapping F_(K,m→m) from m-bit input to m-bit output.
7. The method of claim 6, characterised in that the n-bit ciphertext is a ciphertext obtained by the encrypting end after computing a vector IV together with an m-bit plaintext, and the decrypting end computes the obtained m-bit plaintext together with this vector IV to obtain the final plaintext.
8. The method of claim 7, characterised in that the vector IV is m bits long, and the decrypting end XORs the m-bit vector IV with the m-bit plaintext to obtain the final plaintext.
9. The method of claim 8, characterised in that the ciphertext is obtained by encrypting the plaintext block by block, wherein m is the plaintext block length and n is the ciphertext block length; the decrypting end updates the vector IV with the low m bits of the i-th ciphertext block and XORs it with the m-bit plaintext obtained by decrypting the (i+1)-th ciphertext block, until all ciphertext blocks are decrypted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610531694.0A (CN106059752B) | 2016-07-04 | 2016-07-04 | White-box encryption and decryption method based on an expanded ciphertext |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106059752A true CN106059752A (en) | 2016-10-26 |
CN106059752B CN106059752B (en) | 2019-09-03 |
Family ID: 57184979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610531694.0A Expired - Fee Related CN106059752B (en) | 2016-07-04 | 2016-07-04 | White-box cryptography encryption-decryption method based on expansion ciphertext |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106059752B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106506158A (en) * | 2016-12-29 | 2017-03-15 | 上海众人网络安全技术有限公司 | White-box-based encryption method and system |
CN108090349A (en) * | 2017-12-19 | 2018-05-29 | 武汉珈港科技有限公司 | Application white-boxing protection system and method based on white-box instructions and an extended Turing model |
CN108111622A (en) * | 2017-12-29 | 2018-06-01 | 北京梆梆安全科技有限公司 | Method, apparatus and system for downloading a white-box library file |
CN109714154A (en) * | 2019-03-05 | 2019-05-03 | 同济大学 | White-box cryptographic algorithm under the code-size-hard white-box security model |
CN111010266A (en) * | 2019-12-09 | 2020-04-14 | 广州市百果园信息技术有限公司 | Message encryption and decryption, reading and writing method and device, computer equipment and storage medium |
CN111602367A (en) * | 2017-11-30 | 2020-08-28 | 泰雷兹数字安全法国股份有限公司 | Method for protecting entropy sources used in countermeasures securing white-box cryptographic algorithms |
CN115396103A (en) * | 2022-10-26 | 2022-11-25 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
2016-07-04: CN application CN201610531694.0A, granted as CN106059752B; status: not active (Expired - Fee Related)
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106506158A (en) * | 2016-12-29 | 2017-03-15 | 上海众人网络安全技术有限公司 | White-box-based encryption method and system |
CN111602367B (en) * | 2017-11-30 | 2023-04-25 | 泰雷兹数字安全法国简易股份公司 | Method for protecting entropy sources used in countermeasures for securing white-box cryptographic algorithms |
CN111602367A (en) * | 2017-11-30 | 2020-08-28 | 泰雷兹数字安全法国股份有限公司 | Method for protecting entropy sources used in countermeasures securing white-box cryptographic algorithms |
CN108090349A (en) * | 2017-12-19 | 2018-05-29 | 武汉珈港科技有限公司 | Application white-boxing protection system and method based on white-box instructions and an extended Turing model |
CN108111622B (en) * | 2017-12-29 | 2021-10-29 | 北京梆梆安全科技有限公司 | Method, device and system for downloading white box library file |
CN108111622A (en) * | 2017-12-29 | 2018-06-01 | 北京梆梆安全科技有限公司 | Method, apparatus and system for downloading a white-box library file |
CN109714154A (en) * | 2019-03-05 | 2019-05-03 | 同济大学 | White-box cryptographic algorithm under the code-size-hard white-box security model |
WO2021114850A1 (en) * | 2019-12-09 | 2021-06-17 | 百果园技术(新加坡)有限公司 | Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium |
US20230027142A1 (en) * | 2019-12-09 | 2023-01-26 | Bigo Technology Pte. Ltd. | Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium |
CN111010266B (en) * | 2019-12-09 | 2023-04-07 | 广州市百果园信息技术有限公司 | Message encryption and decryption, reading and writing method and device, computer equipment and storage medium |
CN111010266A (en) * | 2019-12-09 | 2020-04-14 | 广州市百果园信息技术有限公司 | Message encryption and decryption, reading and writing method and device, computer equipment and storage medium |
CN115396103A (en) * | 2022-10-26 | 2022-11-25 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
CN115396103B (en) * | 2022-10-26 | 2023-03-24 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
Also Published As
Publication number | Publication date |
---|---|
CN106059752B (en) | 2019-09-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190903; Termination date: 20200704 |